
Earlier this year, worldwide consulting firm McKinsey & Company surveyed more than 100 organizations in multiple industries to assess their level of what researchers termed “cybersecurity maturity.”
Analysts laid out four levels of maturity for participants in the study, ranging from a base of “zero capabilities” to an apex of a “proactive approach.” Along the way, companies progress from “ad hoc management” (plugging gaps) to “security by design” – i.e., “embedding in products, services and processes.”
In the end, researchers concluded 70% of the organizations examined “have yet to fully advance to a mature-based approach.”
“Ours is proving to be the century of cyber insecurity, yet few organizations have made sufficient progress in protecting information assets,” McKinsey consultants summed up.
But along with this grim assessment, the study’s authors advocated a method for raising a business’s maturity level: the Cybersecurity Framework of the National Institute of Standards and Technology (NIST).
For years, we’ve encouraged companies to follow this pathway, too. Here are NIST’s seven action areas:
- Prioritize information assets and related risks
- Enlist frontline personnel
- Integrate cyber-resilience into enterprise-wide processes
- Develop integrated incident response
- Integrate security into technology environments
- Provide layers of protection for most important assets
- Deploy active defenses
Of course, there’s much to do at every stage. Give us a call. We’ll walk you through the process.